Please don't mix "you" and "we" in the text on who is doing what.
2014-11-20 16:34 GMT+01:00 Daniel Jakots <vigdis+o...@chown.me>: > On Sun, 16 Nov 2014 20:09:35 +0100, Daniel Jakots > <vigdis+o...@chown.me> wrote: > > > I wanted to add some content to FAQ14 > > Here it is. > > This can be useful for people who want to encrypt only their /home or > people who want to automatically mount another disk encrypted at boot > (me). > > Cheers, > Daniel > > Index: faq14.html > =================================================================== > RCS file: /cvs/www/faq/faq14.html,v > retrieving revision 1.247 > diff -u -p -u -p -r1.247 faq14.html > --- faq14.html 18 Nov 2014 02:00:07 -0000 1.247 > +++ faq14.html 20 Nov 2014 15:29:41 -0000 
> @@ -3057,6 +3057,41 @@ and > <a href=" > http://www.openbsd.org/cgi-bin/man.cgi?query=softraid&sektion=4 > ">softraid(4)</a> > on your system. > > +<h4>Mounting a cryptographic softraid volume at boot</h4> > + > +This setup can be used for additional softraid volumes which don't > +contain the root partition. > + > +<p> > +You need to know the <a href="faq14.html#DUID">DUID</a>s of the > +physical device and the one of the softraid volume. > + > +<blockquote><pre> > +$ <b>disklabel sd0 | grep duid</b> > +duid: 4d498d4248c8d056 > +$ <b>disklabel sd1 | grep duid</b> > +duid: b1e264fc29000110 > +</pre></blockquote> > + > +We will use <i>/etc/rc.local</i> to decrypt, do a minor fsck check and > +finally mount the volume. We use the DUID of the physical disk: > + > +<blockquote><pre> > +# <b>echo "bioctl -c C -l 4d498d4248c8d056.m softraid0" >> > /etc/rc.local</b> > +# <b>echo "\"check /data\"; fsck -p /data; mount -s /data" >> > /etc/rc.local</b> > +</pre></blockquote> > + > +We add the entry of the partition in <i>/etc/fstab</i> with the DUID > +of the crypto volume. We also add the flag <i>noauto</i> so the system > +doesn't try to mount it with the other partitions as they're mounted > +before <i>/etc/rc.local</i> is run thus the crypto volume doesn't exist > +for the system, yet. > + > +<blockquote><pre> > +# <b>echo "b1e264fc29000110.p /data ffs \</b> > + <b> rw,nodev,nosuid,noauto 0 0" >> /etc/fstab</b> > +</pre></blockquote> > + > <h4>I forgot my passphrase!</h4> > Sorry. > This is real encryption, there's not a back door or magic unlocking > > -- May the most significant bit of your life be positive.
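Review bot: in the second rc.local example, the echoed text begins with `"check /data";`, so the line that ends up in /etc/rc.local tries to run a command literally named "check /data", which fails at every boot. If the intent is a progress message, write it as `echo "check /data"` inside the appended line, or drop it. The three steps are also independent as written: fsck and mount still run when bioctl did not attach the volume, and mount runs even when `fsck -p` reports a problem. Chaining them with `&&` would stop at the first failure. The text says rc.local will "decrypt" the volume, but the bioctl line as shown passes no passphrase source, so it should state that boot will wait for the passphrase to be typed on the console. On wording, the section switches between "You need to know" and "We will use"; pick one voice. "the DUIDs of the physical device and the one of the softraid volume" reads more clearly as "the DUIDs of the physical disk and of the softraid volume". The opening sentence under the new heading also lacks the `<p>` that the following paragraph has.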